The Information Technology Act 2000 (hereinafter IT Act) was enacted to provide legal recognition to the transactions carried out by electronic means such as e-commerce and also to facilitate e-governance. E-governance means electronic governance where information and communication technologies are used at various levels of government and the public sector and beyond, for the purpose of enhancing governance.
In this context, an electronic signature plays a vital role in securing the interest of the players of e-governance. There are two fundamental principles for a signature to be legally enforceable
It is highlighted that a signature performs three main functions
Section 16 of the Act confers powers on the Central Government to prescribe security procedures and practices related to secure electronic signatures. In exercise of this power, the Central Government notified the Information Technology (Security Procedures) Rules, 2004, which specify that a secure electronic record is one which has been affixed with a digital signature, thereby excluding all other forms of electronic signatures from the definition of secure electronic records. Rule 4 sets out the procedure to be applied for deeming a digital signature a secure digital signature.
The list briefly is:
Digital signature: Digital signatures form part of the broad head of electronic signature as set out above. The primary difference is in the level of security attached to the digital signature, which flows from the technology used. While all forms of authentication, including authentication through a password, may fall within the definition of electronic signature, the electronic technique required for a digital signature is that which is specified under the IT Act, namely an asymmetric crypto-system and a hash function. Section 2 (p) of the IT Act defines digital signature as ‘authentication of electronic record by a subscriber by means of an electronic method or procedure in accordance with the provision of section 3 of the Act’.
Encryption, through cryptographic tools, is used to generate a digital signature. Digital signatures use the asymmetric crypto system, which has a public key available to all and a private key that is required to be retained only by the subscriber. The private and public keys together are referred to as a 'key pair.' The key pair is computer generated using encryption tools and is not manually created. The public key is listed in the digital signature certificate issued by a certifying authority, and the private key remains with the subscriber, who uses it to execute an electronic record by applying the digital signature. Section 3 of the IT Act provides for authentication of electronic records by digital signature through the use of the asymmetric crypto system and hash function, which envelop and transform the initial electronic record into another electronic record. The hash function has been defined in the explanation to Section 3 of the IT Act as under:
For the purposes of this sub-section, hash function means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as hash result such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible
a. to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
b. that two electronic records can produce the same hash result using the algorithm.
A hash function is a computer-generated calculation of the value of each electronic record which ensures the authenticity and integrity of the electronic record. The hash value is derived through an algorithm, which maps a set of bits into a smaller code.
In Shree Balaji Export Corporation vs. Food Corporation of India, the Punjab and Haryana High Court dealt with the signing of a tender document using digital signatures. The petitioner's tender had been rejected for want of signatures in the annexures. The court held that digital signatures were a secure way of authenticating electronic records, which was recognised under Section 2 (1) (p) and (q) of the IT Act, and that even the tender document permitted online submissions to be digitally signed using digital signature certificates, and hence quashed the respondent’s order rejecting the petitioner’s bid.
It should be noted that, unlike section 85B of the Indian Evidence Act, which has a provision establishing a presumption regarding the intention of a signer using a secure electronic signature, there is no such presumption of intention for a digital signature. Therefore, when a document is authenticated using a digital signature, which may or may not indicate the intention of the signer to approve the content of the document, the inclusion or exclusion of evidence relating to this signature will be a matter of procedure, rules, and the court's ex-post-facto rationalization. Though all these kinds of electronic signatures have been given legal recognition by the IT Act, the evidentiary value of each of them may vary. According to Section 67A of the Evidence Act, except in the case of a secure electronic signature, if the electronic signature of any subscriber is alleged to have been affixed to an electronic record, the fact that such electronic signature is the electronic signature of the subscriber must be proved.
Furthermore, the Central Government has been given the authority to prescribe the procedures for the purpose of ascertaining whether the person to whom an electronic signature belongs has in fact affixed it. It has also been given the authority to accept or reject methodologies for authentication of electronic signatures, and all such changes are to be placed before Parliament for confirmation. Section 10 of the IT Act also confers powers on the Central Government to prescribe rules for the issuance of electronic signatures.
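The Section 3 mechanism described earlier (a hash result of the electronic record, signed with the subscriber's private key and checked with the public key) can be seen in the following added example, which is not part of the original article. The choice of SHA-256 and ECDSA P-256, the function names and the sample tender record are assumptions made for illustration; the IT Act text quoted above does not name specific algorithms.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HashResult maps a record to its fixed-size hash result (SHA-256 is an assumption here).
func HashResult(record []byte) [32]byte { return sha256.Sum256(record) }

// Affix signs the record's hash result with the subscriber's private key.
func Affix(priv *ecdsa.PrivateKey, record []byte) ([]byte, error) {
	h := HashResult(record)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Verify recomputes the hash result and checks it against the public key (as listed in a certificate).
func Verify(pub *ecdsa.PublicKey, record, sig []byte) bool {
	h := HashResult(record)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Demo reports whether verification succeeds for the original record, an altered record, and an unrelated key.
func Demo() (original, altered, otherKey bool, err error) {
	subscriber, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	stranger, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	record := []byte("Tender bid, annexure A: INR 10,00,000") // constructed sample record
	sig, err := Affix(subscriber, record)
	if err != nil {
		return
	}
	tampered := []byte("Tender bid, annexure A: INR 19,00,000") // one digit changed
	original = Verify(&subscriber.PublicKey, record, sig)
	altered = Verify(&subscriber.PublicKey, tampered, sig)
	otherKey = Verify(&stranger.PublicKey, record, sig)
	return
}

func main() { fmt.Println(Demo()) }
```

Only the unaltered record verifies under the subscriber's public key; changing a single digit, or checking against a different key pair, makes verification fail.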